In today's business marketplace, each ongoing business entity desires to manage the risks and possible losses associated with its business, regardless of the business size. Certainly there are risks associated with operating a smaller business but the risks tend to multiply as the size of a business increases. Not only do the risks increase as the relative size of the business increases but the possibility of loss is also multiplied because of the widespread operations of larger businesses. In fact, some business consultants believe that reducing or avoiding losses can be just as important as working on generating profits.
In addition to managing simple risk and loss, there are many other complex issues in today's business world that complicate the management of risk factors. Of course, there is the possibility of the simple loss of profits or merchandise damage, but there are also government rules and regulations that can apply to businesses. For example, some businesses are at risk that governmental regulators could shut down the business or that large fines could be accrued for misdeeds. In addition to governmental regulation, there is also the risk of loss through litigation or other similar legal means. Other risks that contribute to the overall risk analysis for a business are safety concerns, environmental quality, product quality, product liability, insurance, bonding, employee misdeeds, security clearances, disadvantaged business compliance, and similar risks that can be considered by the operating executives or owners of businesses. Furthermore, there are other extraneous risks that need to be assessed and managed such as acts of nature, explosions, fire, and computer failure.
In the past, businesses and corporations have been able to manage this risk by applying specific policies or training rules to their employees to minimize business risks. These policies and rules have included specific types of training, certifications, management and/or monitoring to avoid identified risks. In addition, companies have been able to purchase insurance to cover their own internal risks.
During recent years, many companies have outsourced various functions to third party suppliers or independent contractors. This shift has occurred in part because of the focus of many companies on their core competencies, as opposed to the vertical integration favored in the past. Unfortunately, it is difficult for a company to directly control the behavior of a supplier or independent contractor. For example, a relationship with a supplier or independent contractor can include an inherent level of risk in the following areas: regulatory compliance, insurance expiration, supply interruptions, citation histories, bonding, financial stability, environmental performance, safety reporting, quality performance, employee testing, security, and licensing. Notwithstanding the difficulty in managing the risk created by using outside suppliers, companies desire to manage the risk because this risk flows back to the customer or company.
A larger company may hire a smaller contractor to do a specific job that has inherent risks. Previously, the company may have had this service provided by its own employees and the employees would have been reasonably trained, tested, and appropriately bonded or insured. However, a small supplier or independent contractor who is providing products or services to a larger company may not take these types of precautions. Then when an accident occurs, the larger company or customer may be liable in litigation for problems or accidents resulting from the services or products.
For instance, a petroleum company may hire a welding supplier to work on the petroleum company's oil pipeline system. This welding supplier may be a small welding company that is locally owned or operated. If this welding company hires a welder who is untrained, uninsured, or has a substance abuse problem, then an accident may occur. The welding accident on the oil pipeline might produce an explosion that kills innocent bystanders. Thus, the petroleum company will almost certainly be named in, and may ultimately be held responsible for the resulting litigation that comes from the entire matter, even though the services were provided by an independent supplier.
When a relationship is formed between a customer company and a supplier, at least one contract is typically signed between them. Larger companies typically require the contract with the supplier to include certain terms, conditions, and compliance with government regulations. The terms, conditions, and applicable regulatory provisions that are included in these contracts are quite detailed and can run into the range of hundreds of pages of contract requirements. Once the supplier has agreed to a set of extensive terms, conditions, and applicable government regulations, the customer company is left in the position of determining whether there is actual compliance with all the provisions.
The typical way in which companies have attempted to determine whether a supplier is in compliance with the terms, conditions, and applicable regulations of the contract is to perform further due diligence and research about compliance. For example, a long form or document with questions may be sent to the supplier and the supplier can be asked to disclose an extensive list of information to the customer. It is not atypical for such a compliance due diligence questionnaire or form to range anywhere from 1 to 100 pages or more. The types of questions the supplier is asked to answer can cover a wide range of areas from the executed contract. These issues can include safety, environmental, product liability, insurance, bonding, and other similar issues.
The supplier sends this extensive survey or form to their own compliance department, which fills out the form in detail and supplies the requested compliance information to the customer. If the supplier does not have a compliance or due diligence staff, then the supplier may employ the valuable time of their management staff, servicing staff or others to reply to these information requests. The research and employee time involved in filling out due diligence surveys for such terms, conditions, and applicable regulations can involve tens or even hundreds of man hours. As can be imagined, this amount of compliance work can incur a significant cost for the supplier.
When the customer receives this due diligence information covering compliance with the contract's terms, conditions, and applicable regulations, then the customer must also spend tens or hundreds of hours in organizing and analyzing this information on the paper form to determine if the information received is appropriate, complete, and accurate. This exercise in due diligence helps the customer to better manage the risk associated with having many suppliers. Otherwise, the contract terms and conditions are merely agreed upon but are not necessarily implemented or supported.
Regrettably, there are a number of disadvantages with the current system. Many companies have found that when there is a problem with a supplier, then the compliance documents for the terms and conditions of the contract are pulled out of a physical archive system and reviewed. What may be found is that much of the original survey information is incomplete, missing, old, or incorrect. Principally, it is difficult to monitor continued compliance during the term of the contract.
The entire process of determining whether or not a supplier conforms to the appropriate terms, conditions, and applicable regulations of a customer's contract is an extremely expensive and time consuming process for a customer company. Regardless of how much time and energy is spent on these due diligence processes, there may be overlooked items or incomplete information which will be later brought forth in litigation, government compliance inspections, or governmental hearings that are to the detriment of the company. Despite the reduced risk provided by human monitoring, the risk is not reduced as much as the customer's executive officers and directors would like because of the gaps and inconsistencies in the compliance process. Indeed, when many company executives have been asked what one of their most serious problems is, they reply that it is managing general risk and supplier risk.